US12475232B2 · Active · Utility · PatentIndex score 56

Runtime application monitoring without modifying application program code

Assignee: VERACODE INC
Priority: Apr 24, 2020
Filed: May 31, 2024
Granted: Nov 18, 2025
Est. expiry: Apr 24, 2040 (~13.8 yrs left; nominal 20-yr term from priority)
Inventors: RIOUX Christien R; LAYZELL Robert Anthony
Classifications: G06F 11/3612, G06F 11/3093, G06F 11/302, G06F 2201/865, G06F 11/3466, G06F 9/4484, G06F 21/577, G06F 15/177

PatentIndex Score: 56
Cited by: 0
References: 26
Claims: 20

Abstract

To facilitate runtime monitoring and analysis of an application without modifying the actual application code, an agent monitors and analyzes an application through detection and evaluation of invocations of an API of a runtime engine provided for execution of the application. The agent registers to receive events which are generated upon invocation of target functions of the runtime engine API based on its load. Once loaded, the agent initially determines the language and language version number of the runtime engine. The agent determines associations of events for which to monitor and corresponding analysis code to execute upon detection of the invocations based on the language and version number information. When the agent detects an event during execution of the application based on invocations of the runtime engine API, the agent can monitor and analyze execution of the application based on execution of analysis code corresponding to the detected event.

Claims

exact text as granted — not AI-modified
What is claimed is:

1. A method comprising:
   based on loading of an application into a runtime engine for execution, creating a plurality of hooks for a corresponding plurality of target functions of an application programming interface (API) of the runtime engine based on maintained indications of target functions of the API of the runtime engine, wherein each of the plurality of hooks associates one of the plurality of target functions with a corresponding one of a plurality of analysis code units;
   detecting invocation of a first target function of the plurality of target functions of the API by the runtime engine during execution of the application in the runtime engine, wherein invocation of the first target function by the runtime engine triggers a corresponding one of the plurality of hooks; and
   performing an action for at least one of monitoring and analyzing the application executing in the runtime engine based on executing a first analysis code unit of the plurality of analysis code units that has been associated with the first target function via the corresponding one of the plurality of hooks.

2. The method of claim 1, wherein detecting invocation of the first target function comprises obtaining at least one of data and metadata associated with invocation of the first target function.

3. The method of claim 2, further comprising:
   evaluating the at least one of data and metadata based on executing the first analysis code unit; and
   detecting a vulnerability of the application based, at least in part, on evaluating the at least one of data and metadata.

4. The method of claim 3, wherein evaluating the at least one of data and metadata associated with invocation of the first target function comprises evaluating the at least one of data and metadata based on one or more rules for vulnerability detection, wherein detecting the vulnerability of the application comprises determining that the at least one of data and metadata satisfy a first of the one or more rules for vulnerability detection.

5. The method of claim 1, further comprising determining a version number of a language of the runtime engine, wherein creating the plurality of hooks is based on determining the version number of the language of the runtime engine.

6. The method of claim 1, wherein creating the plurality of hooks comprises registering a plurality of callback functions, wherein each of the plurality of callback functions comprises a corresponding one of the plurality of analysis code units, wherein invocation of the first target function triggers invocation of a corresponding one of the plurality of callback functions.

7. The method of claim 1, wherein the creating the plurality of hooks comprises associating the plurality of target functions with at least a first event listener, wherein the first event listener indicates a first event handler, and wherein the first event handler comprises the first analysis code unit.

8. The method of claim 1, further comprising loading an agent into the runtime engine based on loading of the application into the runtime engine, wherein the agent creates the plurality of hooks and detects invocation of the first target function.

9. The method of claim 8, wherein the agent and the application execute in parallel or concurrently.

10. The method of claim 1, wherein performing the action for at least one of monitoring and analyzing the application based on executing the first analysis code unit comprises at least one of generating an indicator of an event corresponding to the invocation of the first target function and logging the event.

11. One or more non-transitory machine-readable media having program code stored thereon, the program code comprising instructions to:
   based on loading of an application into a runtime engine for execution, create a plurality of hooks for a corresponding plurality of target functions of an application programming interface (API) of the runtime engine based on maintained indications of target functions of the API of the runtime engine, wherein the plurality of hooks associates the plurality of target functions with corresponding ones of a plurality of analysis code units;
   detect invocation of a first target function of the plurality of target functions of the API by the runtime engine during execution of the application in the runtime engine, wherein invocation of the first target function by the runtime engine triggers a corresponding one of the plurality of hooks; and
   perform an action for at least one of monitoring and analyzing the application executing in the runtime engine based on execution of a first analysis code unit of the plurality of analysis code units that is associated with the first target function via a first hook of the plurality of hooks.

12. The non-transitory machine-readable media of claim 11, wherein the program code further comprises instructions to:
   evaluate at least one of data and metadata associated with invocation of the first target function based on execution of the first analysis code unit, wherein the instructions to detect invocation of the first target function comprise instructions to obtain the at least one of data and metadata associated with invocation of the first target function; and
   detect a vulnerability of the application based, at least in part, on evaluation of the at least one of data and metadata.

13. The non-transitory machine-readable media of claim 11, wherein the program code further comprises instructions to determine a version number of a language of the runtime engine, wherein the instructions to create the plurality of hooks comprise instructions to create the plurality of hooks based on the version number of the language of the runtime engine.

14. The non-transitory machine-readable media of claim 11, wherein the instructions to create the plurality of hooks comprise instructions to register a plurality of callback functions, wherein each of the plurality of callback functions comprises a corresponding one of the plurality of analysis code units, wherein invocation of the first target function triggers invocation of a corresponding one of the plurality of callback functions.

15. The non-transitory machine-readable media of claim 11, further comprising program code to load an agent into the runtime engine based on load of the application into the runtime engine, wherein creation of the plurality of hooks and detection of invocation of the first target function is by the agent.

16. An apparatus comprising:
   a processor; and
   a machine-readable medium having instructions stored thereon, the instructions executable by the processor to cause the apparatus to,
   based on loading of an application into a runtime engine for execution, create a plurality of hooks for a corresponding plurality of target functions of an application programming interface (API) of the runtime engine, wherein each of the plurality of hooks associates one of the plurality of target functions with a corresponding one of a plurality of analysis code units;
   detect invocation of a first target function of the plurality of target functions of the API by the runtime engine during execution of the application in the runtime engine, wherein invocation of the first target function by the runtime engine triggers a corresponding one of the plurality of hooks; and
   perform an action for at least one of monitoring and analyzing the application executing in the runtime engine based on execution of a first analysis code unit of the plurality of analysis code units that is associated with the first target function via the corresponding one of the plurality of hooks.

17. The apparatus of claim 16, further comprising instructions executable by the processor to cause the apparatus to,
   evaluate at least one of data and metadata associated with invocation of the first target function based on execution of the first analysis code unit, wherein the instructions executable by the processor to cause the apparatus to detect invocation of the first target function comprise instructions executable by the processor to cause the apparatus to obtain the at least one of data and metadata associated with invocation of the first target function; and
   detect a vulnerability of the application based, at least in part, on evaluation of the at least one of data and metadata.

18. The apparatus of claim 16, wherein the instructions executable by the processor to cause the apparatus to create the plurality of hooks comprise instructions executable by the processor to cause the apparatus to register a plurality of callback functions, wherein each of the plurality of callback functions comprises a corresponding one of the plurality of analysis code units, wherein invocation of the first target function triggers invocation of a corresponding one of the plurality of callback functions.

19. The apparatus of claim 16, further comprising instructions executable by the processor to cause the apparatus to determine a version number of a language of the runtime engine, wherein the instructions executable by the processor to cause the apparatus to create the plurality of hooks comprise instructions executable by the processor to cause the apparatus to create the plurality of hooks based on the version number of the language of the runtime engine.

20. The apparatus of claim 16, wherein the instructions comprise instructions of an agent and are executable in the runtime engine, wherein the agent is loaded into the runtime engine based on load of the application into the runtime engine.
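The following Python agent is an added illustration of the mechanism the abstract and claims 1, 4, 5, 6, 8 and 10 describe; it is not code from the patent or from Veracode. It uses CPython's `sys.addaudithook` (available since Python 3.8) as the runtime engine's event mechanism: on load the agent determines the language version, selects the hook table that applies to that version, registers a single callback, and runs the analysis code unit associated with each target function when the engine reports its invocation, logging the event and evaluating the invocation's data against vulnerability-detection rules. The event names `open`, `os.system` and `sqlite3.connect` are CPython's documented audit events (the last documented as added in 3.10); the rules, the version tiers, the `Agent` and `Finding` names and the sample paths and commands are constructed for this example.

```python
"""Runtime monitoring agent built on CPython audit hooks (constructed example)."""
import sys
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

LANGUAGE = "python"
Version = Tuple[int, int]


@dataclass
class Finding:
    rule: str      # vulnerability-detection rule that the event data satisfied
    event: str     # runtime-engine target function whose invocation triggered it
    detail: str


# An "analysis code unit": receives (event name, event arguments) and returns
# a Finding when one of its rules is satisfied, otherwise None.
AnalysisUnit = Callable[[str, tuple], Optional[Finding]]


def _as_text(value) -> str:
    return value.decode(errors="replace") if isinstance(value, bytes) else str(value)


def analyze_path(event: str, args: tuple) -> Optional[Finding]:
    """Rule: a path with an upward component is a path-traversal indicator."""
    path = _as_text(args[0]) if args else ""
    if ".." in path.replace("\\", "/").split("/"):
        return Finding("path-traversal", event, f"upward path component in {path!r}")
    return None


def analyze_shell(event: str, args: tuple) -> Optional[Finding]:
    """Rule: shell chaining metacharacters in a command are an injection indicator."""
    command = _as_text(args[0]) if args else ""
    if any(tok in command for tok in (";", "|", "&&", "`", "$(")):
        return Finding("shell-metachar", event, f"chained shell command {command!r}")
    return None


# Maintained indications of target functions, tiered by the minimum language
# version in which the runtime engine reports that event (constructed tiers).
HOOK_TIERS: Dict[Version, Dict[str, AnalysisUnit]] = {
    (3, 8): {"open": analyze_path, "os.system": analyze_shell},
    (3, 10): {"sqlite3.connect": analyze_path},   # same unit reused for a second target
}


def select_hooks(language: str, version: Version) -> Dict[str, AnalysisUnit]:
    """Associate target functions with analysis units for this engine version."""
    if language != LANGUAGE:
        raise RuntimeError(f"no hook table maintained for language {language!r}")
    hooks: Dict[str, AnalysisUnit] = {}
    for min_version, table in sorted(HOOK_TIERS.items()):
        if version >= min_version:
            hooks.update(table)
    return hooks


class Agent:
    def __init__(self, language: str = LANGUAGE, version: Optional[Version] = None):
        # Step 1: determine the language and version of the runtime engine.
        self.version: Version = version or sys.version_info[:2]
        # Step 2: build the hooks (target function -> analysis code unit).
        self.hooks = select_hooks(language, self.version)
        self.events: List[Tuple[str, str]] = []    # log of (event, first argument)
        self.findings: List[Finding] = []
        self.errors = 0

    def dispatch(self, event: str, args: tuple) -> List[Finding]:
        """Step 3: on a registered event, log it and run its analysis unit."""
        unit = self.hooks.get(event)
        if unit is None:
            return []                               # not a target function: ignore
        self.events.append((event, repr(args[0]) if args else ""))
        finding = unit(event, args)
        if finding is None:
            return []
        self.findings.append(finding)
        return [finding]

    def _hook(self, event: str, args: tuple) -> None:
        try:
            self.dispatch(event, args)
        except Exception:
            self.errors += 1    # analysis must never abort the monitored application

    def install(self) -> None:
        """Register the single callback with the runtime engine."""
        if not hasattr(sys, "addaudithook"):
            raise RuntimeError("runtime engine lacks audit hooks (Python < 3.8)")
        sys.addaudithook(self._hook)


if __name__ == "__main__":
    agent = Agent()
    agent.install()
    try:   # the application's own code is untouched; the engine reports the open
        open("../../constructed-does-not-exist/secret.txt", "rb")
    except OSError:
        pass
    for f in agent.findings:
        print(f"[{f.rule}] via {f.event}: {f.detail}")
```

Two design points carry over from the claims: the hook table is keyed by engine version so that an event the engine only reports in newer releases is never registered on an older one, and the callback swallows analysis failures, because an audit hook that raises would abort the application's own call. Audit hooks cannot be removed once added, so install one agent per interpreter.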

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.